[openssl.org #1068] X509_NAME_add_entry: inserting with loc == 0 and set == 0 creates wrong set

Hi,

I've created the RT entry above before noticing that I cannot further edit
it, sorry! Here are the relevant details to add:

The function X509_NAME_add_entry has the following bug: When called with
"loc == 0" and "set == 0", the local variable "inc" is set using "inc =
(set == 0) ? 1 : 0;" after (!) the parameter "set" is already overwritten.

I noticed this behaviour when writing a function to convert a
Distinguished Name from the RFC2253 ASCII representation to the ASN.1
encoding. I created an X509_NAME structure and called the function
X509_NAME_add_entry for each RDN with "loc == 0" to change the order of
RDNs as demanded by RFC2253. When using 3 RDNs, two of them are put in the
same set because of the bug.

This bug has existed since at least version 0.9.5a, up to the current CVS
version I checked.
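
The result the conversion described above should produce, as an added example that is neither part of the original post nor OpenSSL code: an RFC 2253 string is split into attribute/value pairs in ASN.1 order, with one set index per RDN, and a checker counts the RDNs from those set values. The names `struct ava`, `dn2253_to_asn1_order` and `count_rdns` are hypothetical, and the parser assumes no quoted values and no whitespace around separators.

```c
#include <string.h>

#define MAX_AVA 16
struct ava { char text[64]; int set; };  /* "type=value" plus RDN (set) index */

/* Parse an RFC 2253 string into AVAs in ASN.1 order (last RDN of the string
 * first). ',' ends an RDN, '+' joins AVAs of one multi-valued RDN, '\' escapes
 * the next character (kept as written). Returns the AVA count, -1 on overflow.
 * Assumption: no quoted values and no whitespace around separators. */
int dn2253_to_asn1_order(const char *dn, struct ava *out)
{
    struct ava tmp[MAX_AVA];
    int n = 0, rdn = 0, k = 0;
    size_t len = 0;

    memset(tmp, 0, sizeof tmp);
    for (const char *p = dn; ; p++) {
        if (*p == ',' || *p == '+' || *p == '\0') {
            tmp[n].text[len] = '\0';
            tmp[n++].set = rdn;
            len = 0;
            if (*p == '\0') break;
            if (n == MAX_AVA) return -1;
            if (*p == ',') rdn++;          /* '+' stays in the same RDN */
            continue;
        }
        if (*p == '\\' && p[1] != '\0') {
            if (len + 1 >= sizeof tmp[n].text) return -1;
            tmp[n].text[len++] = *p++;     /* copy the backslash, then the char */
        }
        if (len + 1 >= sizeof tmp[n].text) return -1;
        tmp[n].text[len++] = *p;
    }
    /* Reverse the RDN order and renumber so the first ASN.1 RDN is set 0. */
    for (int r = rdn; r >= 0; r--)
        for (int i = 0; i < n; i++)
            if (tmp[i].set == r) { out[k] = tmp[i]; out[k++].set = rdn - r; }
    return n;
}

/* Number of RDNs if set values start at 0 and rise by at most 1, else -1. */
int count_rdns(const struct ava *a, int n)
{
    if (n > 0 && a[0].set != 0) return -1;
    for (int i = 1; i < n; i++)
        if (a[i].set < a[i - 1].set || a[i].set > a[i - 1].set + 1) return -1;
    return n > 0 ? a[n - 1].set + 1 : 0;
}
```

Comparing `count_rdns` on a built name against the number of RDNs in the input string exposes the symptom reported here: three single-valued RDNs must yield three sets, not two.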